Network Security/ 5.9 Network Device Vulnerabilities

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Common Vulnerabilities and Exposures (CVEs)

A repository of vulnerabilities hosed by MITRE Corporation

Privilege escalation

A software bug or design flaw in an application that allows an attacker to gain access to system resources or additional privileges that aren't typically available examples of privilege escalation: 1. A user accessing a system with a regular user account that is able to access functions reserved for higher-level user accounts (such as administrative features). 2. A user who is able to access content that should only be accessible to a different user. 3. A user who should only have administrative access that can access content that should only be available to a regular user.

Zero-day vulnerability

A software vulnerability that is unknown to the vendor that can be exploited by attackers

Backdoor

An unprotected and usually lesser known access method or pathway that may allow attackers access to system resources

An attacker was able to gain unauthorized access to a mobile phone and install a Trojan horse so that he or she could bypass security controls and reconnect later. Which type of attack is this an example of?

Backdoor

In an effort to increase the security of your organization, programmers have been informed they can no longer bypass security during development. Which vulnerability are you attempting to prevent?

Backdoor

While developing a network application, a programmer adds functionally that allows her to access the running program without authentication so she can capture debugging data. The programmer forgets to remove this functionality prior to finalizing the code and shipping the application. Which type of security weakness does this describe?

Backdoor

For security, what is the first thing you should do when new hardware and software is turned on for the first time?

Change default account names and passwords immediately

When setting up a new wireless access point, what is the first configuration change that should be made?

Default login

Which of the following are characteristics of a complex password? (Select two.)

Has a minimum of eight characters Consists of letters, numbers, and symbols

An attacker has gained access to the administrator's login credentials. Which type of attack has most likely occurred?

Password cracking

A relatively new employee in the data entry cubical farm was assigned a user account similar to the other data entry employees' accounts. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?

Privilege escalation

An attacker has obtained the logon credentials for a regular user on your network. Which type of security threat exists if this user account is used to perform administrative functions?

Privilege escalation

Travis and Craig are both standard users on the network. Each user has a folder on the network server that only they can access. Recently, Travis has been able to access Craig's folder. This situation indicates which of the following has occurred?

Privilege escalation

Why is it important to apply new firmware or patches for devices?

Software updates may help fix bugs before they happen

You've just deployed a new Cisco router that connects several network segments in your organization. The router is physically located in a server room that requires an ID card to gain access. You've backed up the router configuration to a remote location in an encrypted file. You access the router configuration interface from your notebook computer by connecting it to the console port on the router. You've configured the management interface with a username of admin and a password of password. What should you do to increase the security of this device?

Use a stronger administrative password.

What are the resources you can use to keep track of existing technology vulnerabilities in an organization?

VMDR (Vulnerability Management, Detection, and Response

What are the characteristics of a complex password?

typically over 8 characters and a mix of character types (numbers and symbols) along with requirements that the passwords are not words, variations of words or derivatives of the username


Set pelajaran terkait

Short-term and long-term financing

View Set

intro to crim final exam study guide

View Set

Interior and Exterior Angles of Polygons equations

View Set